pod2g has just published a blog regarding an SMS vulnerability he's found in iOS that could allow someone to abuse the protocol for SMS in order to spoof or send fake text messages. The exploit has been an issue since the incarnation of iOS and is still present in iOS 6 beta 4.
He's now urging Apple to fix it.
He goes on to explain a bit about the protocol that is used to send SMS messages, PDU (Protocol Description Unit), and how it works.
PDU is a protocol that is pretty dense, allowing different types of messages to be emitted. Some examples : SMS, Flash SMS, Voice mail alerts, EMS, ... The specification is large and pretty complex. As an example, just to code the data, there are multiple possible choices : 7bit, 8bit, UCS2 (16bit), compressed or not, ...
The problem is that if you own a smartphone or a modem you have the ability to send messages in this raw type of format. There's also an optional section, UDH (User Data Header), that not all smartphones are compatible with but that allows more advanced features to be sent in a message. Some of these "more advanced features" include changing the reply-to address or sending the message from a different number altogether. The iPhone does support these features and contains a vulnerability that makes it susceptible to attacks by hackers that may choose to abuse this system.
pod2g lays out a few ways in which hackers could take advantage of this exploit:
- pirates could send a message that seems to come from the bank of the receiver asking for some private information, or inviting them to go to a dedicated website. [Phishing]
- one could send a spoofed message to your device and use it as a false evidence.
- anything you can imagine that could be utilized to manipulate people, letting them trust somebody or some organization texted them.
There are tools already available that make it rather simple to manipulate this data on smartphones. He's also created a tool for the iPhone 4 that he also plans on releasing. He is currently urging Apple to fix the issue before the public release of iOS 6 and warns that you should never trust an SMS message containing sensitive data on your iPhone in the time being.
Do you think releasing the tool will get Apple's attention or just cause more issues in the mean time for end users?
We may earn a commission for purchases using our links. Learn more.
You ain't seen nothing until you've seen these iPhones used as gate posts
The humble iPhone is great at doing all kinds of things. including being used as gate posts, apparently.
Tim Cook pens open 'Speaking up on racism' letter
Tim Cook has written an open letter titled 'Speaking up on racism.'
If Apple made an iPhone mini, this might be what it would look like
We're never short of iPhone concepts but this thing takes the biscuit. It's a sort of iPhone mini, but not. It's hard to explain, but it's awesome regardless.
Accessories your Nikon D3400 with these awesome extras
The Nikon D3400 is a fantastic camera for beginner photographers and there are a ton of accessories that can help you elevate your photo quality.